What Is a Rug Pull and How Do We Identify One?

Rug Pulls in Cryptocurrency Graphic

Cryptocurrency has been making waves in recent years, with more and more people investing in it. However, with the rise of cryptocurrency investment comes the rise of scams. One of the most common scams in the crypto world is the rug pull. According to Chainalysis, in 2021, rug pulls were responsible for taking away approximately $2.8 billion worth of cryptocurrency from victims, making up 37% of all cryptocurrency scam revenue for the year.

What is a Rug Pull?

A Rug Pull is a type of crypto scam where a team creates a new crypto token and pumps up its price before disappearing with the funds, leaving investors with a valueless asset. These scams happen when fraudulent developers create a new crypto token, pump up the price, and then pull as much value out of them as possible before abandoning them as their price drops to zero. Typically, a group of developers will create a new token, promote it heavily to attract investors, and then disappear with the funds, leaving investors with a valueless asset.

One recent example of an alleged rug pull is the Squid Token scam, which happened in November 2021. The developers of Squid Token promoted the token heavily on social media, causing its price to surge. However, just a few days later, the developers withdrew all the coins from the liquidity pool, causing the price to plummet to zero. The developers then disappeared with the funds, leaving investors with nothing.

Different Types of Rug Pulls

There are three main types of rug pulls in crypto: liquidity stealing, limiting sell orders, and dumping.

Liquidity Stealing

Liquidity stealing is the most common type of rug pull in the DeFi space. It occurs when the creators of a token withdraw all the coins from the liquidity pool, which removes all the value injected into the currency by investors, driving its price down to zero. Liquidity pools are an essential component of DeFi protocols that enable users to trade cryptocurrencies without relying on a centralized exchange.

The liquidity pools consist of funds provided by liquidity providers (LPs) in exchange for a share of the transaction fees. LPs deposit equal amounts of two cryptocurrencies into a liquidity pool, and they receive liquidity pool tokens in return, which represent their share of the pool. These tokens can be redeemed for the underlying cryptocurrencies at any time. Liquidity-stealing rug pulls happen when the creators of a project withdraw the deposited funds and run away with them, leaving the LPs with worthless tokens.

Limiting Sell Orders

Limiting sell orders is a more subtle way for malicious developers to defraud investors. In this type of rug pull, the developers code the tokens so that they’re the only party that is able to sell them. Developers then wait for retail investors to buy into their new crypto using paired currencies. Paired currencies are two currencies that have been paired for trading, with one against the other. Once there is enough positive price action, they dump their positions and leave a worthless token in their wake.


Dumping is when developers quickly sell off their own large supply of tokens, driving down the price of the coin and leaving remaining investors holding worthless tokens. It usually occurs after heavy promotion on social media platforms, and the resulting spike and sell-off are known as a Pump-and-Dump Scheme. This falls under more of an ethical grey area than other DeFi rug pull scams. In general, it’s not unethical for crypto developers to buy and sell their own currency. “Dumping,” when it comes to DeFi cryptocurrency rug pulls, is a question of how much and how quickly a coin is sold.

Hard Pulls vs. Soft Pulls

Hard pulls occur when the developers intentionally create malicious backdoors in the project’s smart contract. These backdoors allow the developers to exploit the project and steal funds from investors. Malicious backdoors can be difficult to detect, and once the developers have exploited the project, they disappear, leaving investors with worthless tokens.

Soft pulls, on the other hand, are less severe compared to hard pulls. Soft pulls occur when the developers dump their tokens, causing the value of the project to plummet. This leaves investors with worthless tokens, but it is not as malicious as a hard pull, as the developers do not intentionally create backdoors in the project’s smart contract. Soft pulls can be difficult to detect, as the developers may create hype around the project, leading to a sudden increase in the token’s value, only to dump it afterward.

Are Rug Pulls Illegal?

While crypto rug pulls are always unethical, they are not always illegal. Hard rug pulls, where developers code malicious backdoors into their tokens, are illegal. Soft rug pulls, where developers dump their crypto assets quickly, are unethical but not always illegal. However, fraudulent activities in the crypto industry, including rug pulls, can be challenging to track and prosecute.

How to Identify and Avoid Rug Pulls?

There are six signs to watch out for that could indicate a potential rug pull:

Unknown or Anonymous Developers

Investors should consider the credibility of the people behind new crypto projects. Are the developers and promoters known in the crypto community? What is their track record? If the development team has been doxxed but isn’t well known, do they still appear legitimate and able to deliver on their promises?

Unknown or anonymous project developers could be a red flag. While it’s true that the world’s original and largest cryptocurrency was developed by Satoshi Nakamoto, who remains anonymous to this day, times are changing.

No Liquidity Locked

One of the easiest ways to distinguish a scam coin from a legitimate cryptocurrency is to check if the currency is liquidity locked. With no liquidity lock on the token supply in place, nothing stops the project creators from running off with the entirety of the liquidity.

Liquidity is secured through time-locked smart contracts, ideally lasting three to five years from the token’s initial offering. While developers can custom-script their own time locks, third-party lockers can provide greater peace of mind.

Investors should also check the percentage of the liquidity pool that has been locked. A lock is only helpful in proportion to the amount of the liquidity pool it secures. Known as total value locked (TVL), this figure should be between 80% and 100%.

Limits on Sell Orders

A bad actor can code a token to restrict the selling ability of certain investors and not others. These selling restrictions are hallmark signs of a scam project.

Since selling restrictions are buried in code, it can be difficult to identify whether there is fraudulent activity. One of the ways to test this is to purchase a tiny amount of the new coin and then immediately attempt to sell it. If there are problems offloading what was just purchased, the project is likely to be a scam.

Skyrocketing Price Movement with Limited Token Holders

Sudden massive swings in price for a new coin should be viewed with caution. This unfortunately rings true if the token has no liquidity locked. Substantial price spikes in new DeFi coins are often signs of the “pump” before the “dump.”

Investors skeptical about a coin’s price movement can use a block explorer to check the number of coin holders. A small number of holders makes the token susceptible to price manipulation. Signs of a small group of token holders could also mean that a few whales can dump their positions and do severe and immediate damage to the coin’s value.

Suspiciously High Yields

If something sounds too good to be true, it probably is. If the yields for a new coin seem suspiciously high but it doesn’t turn out to be a rug pull, it’s likely a Ponzi scheme.

When tokens offer an annual percentage yield (APY) in the triple digits, although not necessarily indicative of a scam, these high returns usually translate to equally high risk.

No External Audit

It is now standard practice for new cryptocurrencies to undergo a formal code audit process conducted by a reputable third party. An audit is especially applicable for decentralized currencies, where default auditing for DeFi projects is a must.

However, potential investors shouldn’t simply take a development team’s word that an audit has taken place. The audit should be verifiable by a third party and show that nothing malicious was found in the code.

Investors should be aware that these signs alone do not necessarily mean that the project is a rug pull, but they should raise red flags and warrant further investigation before investing in the project.

Practice Due Diligence

In addition to these signs, investors should also be cautious of hype and FOMO (fear of missing out) surrounding a new project. It’s common for fraudulent projects to create a sense of urgency and hype around their token to attract investors quickly, but investors should take their time to conduct thorough research and due diligence before investing.

Investors should also always verify the legitimacy of the project team and check their track record and can also look for transparency in the project’s white paper, website, and other materials. Ask yourself these questions: Are they experienced and credible members of the crypto community? Have they worked on successful projects before?

It’s also essential for investors to understand the smart contract of the project thoroughly. Investors should verify that the smart contract code is audited by reputable third-party auditors to ensure that there are no hidden malicious backdoors or exploitable codes.

Final Thoughts

Rug pulls have become a significant problem in the world of cryptocurrency, causing investors to lose billions of dollars. While it is essential to educate yourself on how to identify and avoid rug pulls, it is crucial to keep in mind that there is no foolproof method to protect yourself completely. As the crypto industry continues to evolve and attract more investors, it is up to individuals, regulators, and law enforcement agencies to work together to prevent and penalize fraudulent activities.


More Posts